Blog Posts Tagged with "Multifactor Authentication"

37d5f81e2277051bc17116221040d51c

One-Third of Banking Account Takeover Attempts Successful

August 20, 2012 Added by:Robert Siciliano

While less money was ultimately siphoned from banks and customers than in past years, there are new attack strategies on the horizon, which may push these numbers up in 2012. Threats, defenses, and vulnerabilities continually emerge, so stay tuned as we track the shifts in our evolving security landscape...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Is a Password Enough? A Closer Look at Authentication

August 16, 2012 Added by:Robert Siciliano

Yahoo and LinkedIn were recently breached and usernames and passwords were stolen. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used, then the hacks may be a moot point and the data useless...

Comments  (0)

Cb9aade927a0abf5b0bbdd2a4aaf8716

Leveraging Regular User Accounts to Achieve Compromise

July 31, 2012 Added by:Jake Garlie

One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Operation High Roller Reveals Sophisticated Automated Attacks

July 02, 2012 Added by:Headlines

"With no human participation required, each attack moves quickly and scales neatly.This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term 'organized crime,'" the report states...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

RSA: Claims of SecurID 800 Token Crack are Whack

June 27, 2012 Added by:Headlines

"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Crack RSA SecurID Tokens, Extract Keys

June 25, 2012 Added by:Headlines

"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...

Comments  (0)

02a6d0efd54c7388e26f125d8df83671

Top Five Fundamentals of Network Security

June 14, 2012 Added by:Megan Berry

There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?

Comments  (1)

37d5f81e2277051bc17116221040d51c

How Does Your Bank Protect Your Data?

May 15, 2012 Added by:Robert Siciliano

Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Consumer Banking Security Products and Services

May 10, 2012 Added by:Robert Siciliano

All the conveniences of digital banking have its set of risks which requires upgrades in card technologies and authentication. In response banks have provided numerous methods for protecting your personal information and also making your banking experience more secure...

Comments  (1)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Reloaded - Domain Two: Access Controls

March 07, 2012 Added by:Javvad Malik

Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Five FFIEC Compliance Tips For Banks

January 10, 2012 Added by:Robert Siciliano

“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective..."

Comments  (0)

37d5f81e2277051bc17116221040d51c

Usernames and Passwords Are Facilitating Fraud

September 30, 2011 Added by:Robert Siciliano

Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...

Comments  (0)

37d5f81e2277051bc17116221040d51c

The Benefits of Multifactor Authentication

August 02, 2011 Added by:Robert Siciliano

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."

Comments  (0)

49afa3a1bba5280af6c4bf2fb5ea7669

Authentication: Who Are You and Why Are You Here?

July 29, 2011 Added by:Mike Meikle

You may have robust network security, stringent password policies and a tightly locked down user environment, but if you don’t know what you own, both data and hardware, it is akin to having a bank vault door standing alone in a field...

Comments  (0)

7c5c876d1933023ac375eead04302e1a

What the CISSP Won't Teach You - Part Trois

July 05, 2011 Added by:Boris Sverdlik

A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Does Multi-Factor Authentication Even Matter Anymore?

April 05, 2011 Added by:Rafal Los

Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...

Comments  (10)

Page « < 1 - 2 > »